<?php
# 文件名称:site.php
# MetInfo在线反馈系统 
# Copyright (C) 长沙米拓信息技术有限公司 (http://www.metinfo.cn). All rights reserved.
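/**
 * Front-end controller of the public feedback form.
 *
 * It renders the form, stores a submission (save), saves attached files
 * (savefile) and sends the optional auto-reply and notice e-mails.
 *
 * Everything read from the request in this class is supplied by an
 * unauthenticated visitor, so each value is validated or escaped at the
 * point where it reaches SQL, the file system or an e-mail.
 */
class site extends C_controller {
	/**
	 * PHP 4 style constructor (same name as the class).
	 *
	 * Copies the model's language code into the language object and loads
	 * the 'site' language file before running the parent constructor.
	 */
	function site()
	{
		$SYS = &get_instance();
		// Set the language.
		$model = &$this->getModel();
		$default = $model->getLanguage();
		$SYS->lang->site_language = $default['lang_code'];
		$this->setLanguageFile( 'site' );
		parent::C_controller();
	}

	/**
	 * Renders the view named by the current task.
	 */
	function display()
	{
		parent::display($this->getTask());
	}

	/**
	 * Renders the 'error' view.
	 */
	function error()
	{
		parent::display('error');
	}

	/**
	 * Validates and stores one feedback submission.
	 *
	 * Order of checks: anti-refresh interval per IP, form expiry date,
	 * per-IP submission limit, filtered words. Then list-type fields are
	 * normalised, attachments are saved, the record is stored and the
	 * optional reply / notice mails are sent. Every outcome is reported
	 * through show_js_error() with the form URL as target.
	 *
	 * NOTE(review): show_js_error() is not visible here; each failure path
	 * returns right after calling it, so it is assumed not to end the request.
	 */
	function save()
	{
		$SYS = &get_instance();
		$m_now_time     = time();
		$m_now_date     = date('Y-m-d H:i:s',$m_now_time);

		// Default for the 'lang' request value; stays null when neither flag is set.
		$column = null;
		$language = (int)$SYS->config->item('language');
		if((int)($language/10)==1) $column = $SYS->config->item('secondlang');
		if((int)($language%10)==1) $column = $SYS->config->item('firstlang');
		$lang = $SYS->request->getVar( 'lang', $column,	'post',	'cmd' );
		$formSlug = $SYS->request->getVar( "form",  '',    'post',	'cmd' );
		// NOTE(review): both parts are request-supplied and rely on the 'cmd'
		// filter of getVar() to be safe inside the URL handed to show_js_error();
		// that filter is not visible here - confirm it strips quotes and markup.
		$goUrl = WEBSELF.'/form/'.$formSlug.'/lang/'.$lang;

		// Client IP.
		// NOTE(review): X-Forwarded-For and Client-IP are request headers. Unless a
		// trusted proxy overwrites them, the anti-refresh interval and the per-IP
		// limit below are keyed on a value the sender chooses.
		if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
			$m_user_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
		} elseif(!empty($_SERVER['HTTP_CLIENT_IP'])){
			$m_user_ip = $_SERVER['HTTP_CLIENT_IP'];
		} else{
			$m_user_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
		}
		// The value is concatenated into SQL below, so only a plain dotted quad is
		// accepted. The D modifier keeps '$' from matching before a trailing newline.
		$m_user_ip  = preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/D',$m_user_ip) ? $m_user_ip : 'Unknown';

		$db = C_loader::getDBO();

		// Prevent repeated submission: time of the latest record from this IP.
		$query =
			'SELECT addtime FROM `'.$db->_table_prefix.'feedback`' .
			' WHERE `ip` = \''.$m_user_ip.'\''.
			' ORDER BY addtime DESC'
		;
		$db->setQuery($query);
		$addtime = $db->loadResult();
		if($addtime == null) $addtime=$m_now_date;

		$elapsed = (float)(strtotime($m_now_date)-strtotime($addtime));
		if($elapsed!=0 && $elapsed<=$SYS->config->item('anti_refresh_time'))
		{
			show_js_error(C_text::_('NoRefresh'),$goUrl);
			return;
		}

		// Has the form expired? A zero finish date is replaced by the current time.
		$model	= &$this->getModel();
		$tmpform = $model->getForm();
		$formName = $model->getName();
		if(strstr($tmpform['finishdate'],'0000-00-00')) $tmpform['finishdate']=$m_now_date;
		if ((float)(strtotime($m_now_date)-strtotime($tmpform['finishdate'])) > 0) {
			show_js_error(C_text::_('Tip2'),$goUrl);
			return;
		}

		// Per-IP submission limit.
		// NOTE(review): the form name is concatenated unescaped and acts as a LIKE
		// pattern. It comes from the model, not from the request, but it should go
		// through the database layer's own quoting routine (not visible here).
		$query =
			'SELECT COUNT(*) limitnum FROM `'.$db->_table_prefix.'feedback`' .
			' WHERE `ip` = \''.$m_user_ip.'\''.
			' AND fdtitle like \''.$formName['name'].'\''
		;
		$db->setQuery($query);
		$limitnum = $db->loadResult();
		// NOTE(review): unserialize() on the stored form parameters; only safe
		// while that column can never hold visitor-controlled data - confirm.
		$params = unserialize($tmpform['params']);
		if(intval($params['limitnum']) != 0 && intval($limitnum) >= intval($params['limitnum']))
		{
			show_js_error(C_text::_('NoRefresh'),$goUrl);
			return;
		}
		$questions = $model->getQuestions();

		// Read the posted data; stop here when there is none, like every other failure path.
		$data = $SYS->request->get('post');
		if(!$data)
		{
			show_js_error(C_text::_('NoRefresh'),$goUrl);
			return;
		}
		// 'feedback' is absent when only files were posted and may be a scalar in a
		// crafted request; normalise it so the array functions below cannot fail.
		if(!isset($data['feedback']) || !is_array($data['feedback']))
		{
			$data['feedback'] = array();
		}

		// Filtered words: a field whose whole value equals a configured term is rejected.
		$filtering = explode('|',(string)$SYS->config->item('filtering'));
		foreach($filtering AS $val)
		{
			// An empty term (unset option, trailing '|') would match every blank field.
			if($val === '') continue;
			if(in_array($val,$data['feedback'],true))
			{
				show_js_error(C_text::_('Filter'),$goUrl);
				return;
			}
		}

		// '|'-terminated lists of field keys; the element after the last '|' is dropped.
		$mulselect = explode("|", (isset($data['mulselect']) && is_string($data['mulselect'])) ? $data['mulselect'] : '');
		array_pop($mulselect);
		$upload = explode("|", (isset($data['upload']) && is_string($data['upload'])) ? $data['upload'] : '');
		array_pop($upload);
		$selectlist = explode("|", (isset($data['selectlist']) && is_string($data['selectlist'])) ? $data['selectlist'] : '');
		array_pop($selectlist);

		// Drop-down fields: remove the placeholder option text.
		foreach($selectlist AS $fieldKey)
		{
			$current = isset($data['feedback'][$fieldKey]) ? $data['feedback'][$fieldKey] : '';
			$data['feedback'][$fieldKey] = str_ireplace('- '.C_text::_('SelectType').' -','',$current);
		}

		// Multi-select fields: an array becomes a comma separated string, anything else is blanked.
		foreach($mulselect AS $fieldKey)
		{
			$tmp = isset($data['feedback'][$fieldKey]) ? $data['feedback'][$fieldKey] : null;
			if($fieldKey != '') $data['feedback'][$fieldKey] = '';
			if(is_array($tmp)) // reported as problematic on Linux by the original author
			{
				$data['feedback'][$fieldKey] = implode(",",$tmp);
			}
		}

		// Uploads: the field value becomes the public URL of the saved file.
		foreach($upload AS $fieldKey)
		{
			if(!$tmpfile=$this->savefile($fieldKey,$goUrl))
			{
				continue;
			}
			$data['feedback'][$fieldKey] = WEBURL.'/media/upload/'.$tmpfile;
		}

		// Re-key the answers by question name; fields that were not posted stay null.
		$result = array();
		$feedback = array();
		foreach($questions AS $question)
		{
			$feedback[$question['name']] = isset($data['feedback'][$question['id']]) ? $data['feedback'][$question['id']] : null;
		}
		$result['data'] = serialize(C_html::_('select.toObjects',$feedback));
		$result['addtime'] = $m_now_date;
		$result['ip']  = $m_user_ip; // already reduced to a dotted quad or 'Unknown' above
		$result['fdtitle'] = $formName['name'];
		// Request header, stored as received: whatever displays it must escape it.
		$result['fromurl'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
		$result['module'] = 1;
		$result['number'] = count($questions);

		// Save: bind, check and store stop at the first step that fails.
		$table = C_loader::getDTO('feedback');
		if (!$table->bind($result) || !$table->check() || !$table->store()) {
			show_js_error(C_text::_('Tip1'),$goUrl);
			return;
		}

		// Auto-reply. The recipient is visitor-supplied, so it must be one single
		// address without whitespace or list separators: that keeps CR/LF header
		// injection and multi-recipient lists away from the mail helper.
		$replyField = $tmpform['replymailto'];
		$address = isset($data['feedback'][$replyField]) ? $data['feedback'][$replyField] : '';
		if((int)$tmpform['reply'] == 1 && is_string($address) && preg_match('/^[^\s@,;:<>"]+@[^\s@,;:<>"]+$/D',$address))
		{
			$subject=$model->getReplySubject();
			$content=$model->getReplyContent();
			$this->reply($subject['name'],$content['name'],$address);
		}
		if((int)$tmpform['notice'] == 1)
		{
			$subject=$model->getTitle();
			$this->notice($subject['name'],$tmpform['noticemailto'],$feedback);
		}
		show_js_error(C_text::_('Success'),$goUrl);
	}

	/**
	 * Saves one uploaded attachment into PATH_MEDIA/upload/.
	 *
	 * @param string $filename key of the file inside the 'feedback' upload array
	 * @param string $goUrl    URL passed to show_js_error() on failure
	 * @return string|false generated file name, or false when no file was
	 *                      uploaded for this key or the upload was rejected
	 */
	function savefile($filename,$goUrl)
	{
		$SYS = &get_instance();
		$file = $SYS->request->getVar('feedback',null,'FILES');

		// Only a path that PHP itself registered as an HTTP upload is accepted.
		$tmpPath = '';
		if(is_array($file) && isset($file["tmp_name"]) && is_array($file["tmp_name"]) && isset($file["tmp_name"][$filename]))
		{
			$tmpPath = $file["tmp_name"][$filename];
		}
		if(!is_string($tmpPath) || $tmpPath === '' || !is_uploaded_file($tmpPath))
		{
			return false;
		}

		// File size: not empty and at most file_maxsize megabytes.
		$size = isset($file["size"][$filename]) ? (int)$file["size"][$filename] : 0;
		if($size == 0 || $size>1024*1024*intval($SYS->config->item('file_maxsize')))
		{
			show_js_error(C_text::_('UploadError'),$goUrl);
			return false;
		}

		// Is the upload directory writable?
		C_loader::helper('file');
		$fileinfo = get_file_info(PATH_MEDIA.'/upload/',array('writable'));
		if(!$fileinfo['writable'])
		{
			show_js_error(C_text::_('UploadError'),$goUrl);
			return false;
		}

		// Extension: the text after the last dot of the client-supplied name. It
		// becomes part of the stored file name, so only short alphanumerics pass.
		$parts = explode(".", isset($file["name"][$filename]) ? (string)$file["name"][$filename] : '');
		$ext = strtolower(array_pop($parts));
		if(!preg_match('/^[a-z0-9]{1,10}$/D',$ext))
		{
			show_js_error(C_text::_('UploadError'),$goUrl);
			return false;
		}

		// Allowed file types.
		// NOTE(review): an empty 'file_format' option disables this check, and
		// save() publishes the file under WEBURL/media/upload/. Confirm that every
		// deployment sets an allowlist and that the web server never executes
		// files from that directory.
		$allowed = strtolower((string)$SYS->config->item('file_format'));
		if ($allowed != "" && !in_array($ext, explode("|", $allowed)))
		{
			show_js_error(C_text::_('UploadError'),$goUrl);
			return false;
		}

		// Stored name: timestamp plus a three digit offset, moved on while it is
		// taken so that an earlier upload is never overwritten.
		// NOTE(review): such names are guessable; if attachments are confidential,
		// derive the name from a cryptographically secure source where available.
		$base = date('U') + mt_rand(100, 999);
		while(file_exists(PATH_MEDIA.'/upload/'.$base.".".$ext))
		{
			$base++;
		}
		$name = $base.".".$ext;

		// move_uploaded_file() re-checks the upload and removes the temporary file.
		if (!move_uploaded_file($tmpPath,PATH_MEDIA.'/upload/'.$name))
		{
			show_js_error(C_text::_('UploadError'),$goUrl);
			return false;
		}
		return $name;
	}

	/**
	 * Mails the submitted answers as an HTML table.
	 *
	 * @param string $subject mail subject
	 * @param string $address recipient, taken from the form settings by save()
	 * @param array  $data    answers keyed by question name
	 */
	function notice($subject,$address,$data)
	{
		$SYS = &get_instance();
		$SYS->loader->helper('mail');
		// The answers are visitor input: escape the HTML meta characters so they
		// are shown as text in the mail. Plain byte replacement is used because
		// the site charset is not known here.
		$search  = array('&', '<', '>', '"');
		$replace = array('&amp;', '&lt;', '&gt;', '&quot;');
		$body = '<table border="1">';
		foreach($data AS $key => $val)
		{
			if(is_array($val)) $val = implode(',',$val);
			$body .= '
			<tr>
				<td width="150">
					'.str_replace($search,$replace,(string)$key).':
				</td>
				<td>
					'.str_replace($search,$replace,(string)$val).'
				</td>
			</tr>
			';
		}
		$body .= '</table>';
		sendEmail(array('subject'=>$subject,'toaddress'=>$address,'body'=>$body));
	}

	/**
	 * Sends the configured auto-reply.
	 *
	 * @param string $subject mail subject
	 * @param string $body    mail body, passed to sendEmail() unchanged
	 * @param string $address recipient; save() validates it before calling
	 */
	function reply($subject,$body,$address)
	{
		$SYS = &get_instance();
		$SYS->loader->helper('mail');
		sendEmail(array('subject'=>$subject,'toaddress'=>$address,'body'=>$body));
	}
}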
# 本程序是一个开源系统,使用时请你仔细阅读使用协议,商业用途请自觉购买商业授权.
# Copyright (C) 长沙米拓信息技术有限公司 (http://www.metinfo.cn). All rights reserved.
?>